To protect the city’s electricity infrastructure from cyber attacks, Lieutenant-Governor Vinai Kumar Saxena has approved a notification to declare critical information infrastructure (CII) of power utilities and computer resources of their associated dependencies as ‘protected systems’, officials at the Raj Niwas said on Friday.
“Issued in accordance with sub-section 1 of Section 70 of the Information Technology Act, 2000, this notification would help put in place an effective system of checks, comprising information security practices and procedures, and access control that will ensure that computer resources of power utilities — Delhi Transco Ltd. (DTL) and State Load Dispatch Centre (SLDC) — and discoms — Tata Power Delhi Distribution Ltd., BSES Rajdhani Power Ltd. and BSES Yamuna Power Ltd. — will be secured against incapacitation or destruction,” an official said.
Sources said that once issued, the notification will also authorise persons “specifically identified by these utilities and approved by the Delhi Power Department” to access the protected systems under the same legal provision. The information security practices and procedures shall also be in accordance with the Central government-prescribed rules.
“As of years 2020–2021, attempts of cyber-attacks to disrupt power system operation had been observed by cyber security monitoring agencies of [the] Government of India,” the official said.
The Union Power Ministry, writing to States and Union Territories in March 2021, had said that cyber-attackers are “increasingly targeting” the power sector and asked governments to take preventive measures, he added.
“Any person who secures access or attempts to secure access to these protected computer systems, in contravention of the provisions of the laid down procedures, shall be punished with imprisonment up to 10 years and also be liable for fine,” another official said.
The National Critical Information Infrastructure Protection Centre (NCIIPC) had in March asked the Delhi government and its power utilities to identify such CIIs and people who would access them, for notification.
“Thereafter, following several rounds of correspondences and several meetings between SLDC, DTL and discoms in June, Supervisory Control and Data Acquisition (SCADA) system, Unified Real Time Dynamic State Measurement (URTDSM, system, and Web Based Energy Scheduling (WBES) system were identified as CIIs,” the official added.